incubator-adffaces-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adam Winer (JIRA)" <>
Subject [jira] Commented: (ADFFACES-313) Improve Upload behaviour
Date Tue, 05 Dec 2006 01:20:22 GMT
    [ ] 
Adam Winer commented on ADFFACES-313:

It's a bit trickier than that...  the parsing is needed not only to find the files, but also
to extract ordinary form parameters, like those used for page state.  So, we'd really have
to continue parsing the entire page (just dropping the file content on the ground).  That
means that we're parsing the mega-file, if not actually storing.  So, there's still a bit
of DoS involved.

There's no real way to do per-mime-type size validation (and not clear you'd want to, since
mime types can be lied about).  You can't do validation until *after* file upload has completed,
because of how the JSF lifecycle and component models work.

it would be good, however, to at least support as an option showing a FacesMessage for the
component where file upload failed.

> Improve Upload behaviour
> ------------------------
>                 Key: ADFFACES-313
>                 URL:
>             Project: MyFaces ADF-Faces
>          Issue Type: Improvement
>         Environment: All, commons-upload
>            Reporter: Patrick Huber
> Trinidad/commons-upload assume some memory and space limits for uploads which can be
configured in /WEB-INF/web.xml:
> -----------
> <context-param>
>     <param-name>org.apache.myfaces.trinidad.UPLOAD_MAX_MEMORY</param-name>
>     <param-value>512000</param-value>
> </context-param>
> <context-param>
>     <param-name>org.apache.myfaces.trinidad.UPLOAD_MAX_DISK_SPACE</param-name>
>     <param-value>5120000</param-value>
> </context-param>
> -----------
> When the larger of these two values is exceeded, trinidad just trows an EOFException.
What the user sees in the browser is this:
> ----------
> Per-request disk space limits exceeded.
> RequestURI=/apache_trinidad/upload.faces
> Caused by:
> Per-request disk space limits exceeded.
> 	at org.apache.myfaces.trinidadinternal.webapp.UploadedFileImpl.loadFile(
> 	at org.apache.myfaces.trinidadinternal.webapp.UploadedFileProcessorImpl.processFile(
> 	at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doUploadFile(
> 	at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(
> 	at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(
> 	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(
> 	at org.mortbay.jetty.servlet.ServletHandler.handle(
> 	at org.mortbay.jetty.servlet.SessionHandler.handle(
> 	at org.mortbay.jetty.handler.ContextHandler.handle(
> 	at org.mortbay.jetty.handler.ContextHandlerCollection.handle(
> 	at org.mortbay.jetty.handler.HandlerCollection.handle(
> 	at org.mortbay.jetty.handler.HandlerWrapper.handle(
> 	at org.mortbay.jetty.Server.handle(
> 	at org.mortbay.jetty.HttpConnection.handleRequest(
> 	at org.mortbay.jetty.HttpConnection$RequestHandler.content(
> 	at org.mortbay.jetty.HttpParser.parseNext(
> 	at org.mortbay.jetty.HttpParser.parseAvailable(
> 	at org.mortbay.jetty.HttpConnection.handle(
> 	at
> 	at org.mortbay.thread.BoundedThreadPool$
> Powered by Jetty://
> ----------
> It is possible to add a "validator" attribute to a tr:inputFile component. However, that
validator is only invoked when the upload size is smaller than the limits and the upload succeeds.
I believe these limits really do make sense but a 500 plus stacktrace is not very cool. I
propose that trinidad writes a FacesMessage to the FacesContext for the inputFile component
and re-renders the same page, so the user sees the normal page again with a meaningful error
message. The error message should be configurable/localizable.
> I don't know much about uploading things. Maybe it's also possible to determine the upload
size before having received any data and then invoke the validator before receiving the data,
so the developer could for example apply different size limits based on the mime-type of the
upload. The inputFile component had to be extended to contain the same information as the
valueChangeListener of the inputFile component received on its invocation.
> regards
> Patrick

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:


View raw message